Web Security for Developers

Website security made easy. This book covers the most common ways websites get hacked and how web developers can defend themselves.

The world has changed. Today, every time you make a site live, you're opening it up to attack.

A first-time developer can easily be discouraged by the difficulties involved with properly securing a website. But have hope: an army of security researchers is out there discovering, documenting, and fixing security flaws. Thankfully, the tools you'll need to secure your site are freely available and generally easy to use.

Web Security for Developers will teach you how your websites are vulnerable to attack and how to protect them. Each chapter breaks down a major security vulnerability and explores a real-world attack, coupled with plenty of code to show you both the vulnerability and the fix.

You'll learn how to:
- Protect against SQL injection attacks, malicious JavaScript, and cross-site request forgery
- Add authentication and shape access control to protect accounts
- Lock down user accounts to prevent attacks that rely on guessing passwords, stealing sessions, or escalating privileges
- Implement encryption
- Manage vulnerabilities in legacy code
- Prevent information leaks that disclose vulnerabilities
- Mitigate advanced attacks like malvertising and denial-of-service

As you get stronger at identifying and fixing vulnerabilities, you'll learn to deploy disciplined, secure code and become a better programmer along the way.

218 pages, Paperback

Published May 12, 2020

50 people are currently reading
266 people want to read

About the author

Malcolm McDonald

48 books, 4 followers
Librarian note:
There is more than one author in the GoodReads database with this name
This profile may contain books from multiple authors of this name

Ratings & Reviews

Community Reviews

5 stars
33 (29%)
4 stars
53 (47%)
3 stars
20 (18%)
2 stars
4 (3%)
1 star
1 (<1%)
Displaying 1 - 14 of 14 reviews
The Lost Dreamer
265 reviews28 followers
November 3, 2021
As a web developer with a certain knowledge of a few of the topics covered in this book, I have really enjoyed reading it. It covers a wide amount of security-related issues, and it's really easy to find stuff that you didn't know about or you didn't know enough. The author covers an amazingly large amount of technologies and topics, and he does so in a way clear and attractive enough to make those who don't plan on using them, still feel interested in the discussed issue.
Obviously, the price to do so is covering the topics rather loosely, which can be a major issue for some. That was not my case: this text is an excellent starting point for those who know next to nothing about how the Internet works and want to gain a deeper knowledge of how security is dealt with by the applications that we love and use every day; but also a worthy reference for any code developer who wants to grow and become better at their job, by reviewing many processes that programmers take for granted and discovering a handful of new insights around security.
At some points, simplicity becomes an issue, as with the code snippets offered from time to time in order to illustrate situations. But don't let this be a stopper: this is the kind of text that moves you to research further any topics that you don't find totally clear. This book doesn't always give you all the information that you need in order to understand complex processes, but it clearly gives you all the knowledge you need to dig as deep as you wish in order to improve that understanding. And for me that's all I needed and more than I expected from it.
Scott Pearson
786 reviews36 followers
August 1, 2020
Much has been and continues to be written on the topic of computer security, but a lot of that content is directed towards computer security professionals. Few resources exist that are written for software developers, by developers. In this work, McDonald seeks to answer the need for a comprehensive exposition on this topic. In this attempt, he succeeds in providing a clear and thorough introduction of what developers need to know about security.

The biggest advantage of this book is that it collects all a developer needs to know in one space. McDonald’s treatment does not go in too much detail for the audience, as in many security books. Instead, as the book’s subtitle suggests, it pragmatically focuses on how security principles apply to the art and science of programming.

This work is written for a general audience of programmers and not focused on one specific language. The author appears to be a Ruby developer as many of the examples are written in that language. However, knowledge of Ruby is not required to appreciate and learn from this book. Indeed, the vast majority of this book is pertinent to any language on any platform.

Despite these strengths, McDonald’s book exhibits some weakness as it contains very little cutting-edge material. It would have been nice to include towards the end a chapter or two on emerging concepts. Because of this, people who stay engaged with the state-of-the-art might find the book redundant and not worth their time.

Web Security for Developers is geared mainly for web developers who are in early-to-mid career. Despite the introduction’s claim that experienced programmers will fill in a few knowledge gaps, in truth, experienced programmers will find little new here. Nonetheless, this work fills a needed gap in the literature for all that programmers need to know about computer security concepts. This solid work should be relevant for years to come.

Kerry Pickens
1,128 reviews27 followers
August 2, 2020
This is a good beginner's level book for someone interested in learning more about IT security.
Avraam Mavridis
133 reviews24 followers
August 15, 2021
Although it does not go deep into the topics and the various attacks it describes, it is a solid book that can be used as a starting point for someone who is interested in the topic.
William Darian
35 reviews3 followers
February 7, 2021
Recommended reading material for anyone interested in web security. Very practical and pragmatic.
Denis Nuțiu
60 reviews5 followers
January 30, 2021
This book should be named "An introduction to web security".

The first part is useless for Developers, as it starts with how the internet and web servers work and other basic stuff. The next part describes some simple and common web attacks.
Samuel
226 reviews4 followers
March 11, 2021

Web Security for Developers is beneficial for understanding and defending from different types of information security threats. Moreover, it is an excellent front-to-back read for security practitioners and web application developers alike—the types of attacks described in this book parallel university intro to information security courses.

My only gripe as a full stack developer is that there were not enough code samples for my taste. The code samples for tasks such as writing security rules and making configurations to your server are primarily in Ruby, which makes this an excellent resource for Ruby on Rails developers.

Overall, this was one of the more casually written yet highly informative software development books I have read. I found the supply of highly actionable defense measures offered to be habits and actions that web professionals can immediately utilize.
Leonardo
2 reviews
May 31, 2021
Who was the intended audience for this book? My mum? I felt like I got literally nothing from it. At 200 pages long it's not like anyone was expecting an in-depth treatise on web security but it was so shallow I'm sure the Wikipedia article on the subject is more in-depth and at the same time more concise and thus less time wasting than this book.
Ben
2,721 reviews218 followers
January 21, 2023
A Must-Read For Web Developers

This was a great book on web security.

A lot of this book I already know, but I still learned some great points about how to harden your web development projects.

This is a very important read, because coding vulnerabilities in your code can result in company loss, legal customer issues, exposure to threats, and many other risks.

Check it out!

4.7/5
Mahdi
58 reviews3 followers
July 21, 2021
A great starting point for web developers to learn basic security concepts.
It describes the most important cyber attacks and the best mitigations for defending against them in very beginner-friendly language. I think every web developer (front-end or back-end) needs to read this book.
102 reviews1 follower
August 31, 2022
3.5 for the very well written and organised content. Should be easy to understand even for non-IT field readers. Though I was hoping for a more technical discussion with examples on the more common technologies.
Joe
685 reviews
March 11, 2023
Nicely organized. The first part describes the software process well. The second part surveys many vulnerabilities and mitigations especially for the web. The HTTP security headers and parameters were especially instructive.
Santos
34 reviews1 follower
May 16, 2021
If you are an experienced developer, this book may be a little basic, but still has some useful information. There are examples of recommended settings you can use in your web applications.

4.5/5
Rafael Gonzaga
6 reviews3 followers
January 20, 2022
The book is a great recap of web security. If you are experienced on the web, likely all the recommendations by the author will be obvious. However, it's always great to be reminded of important topics.